Yet Another Breach - Massive Capital One Hack


I'm really tired of hearing about these. As security-conscious users, we take measures (sometimes extreme measures in the cases of the more paranoid among us such as myself) to secure our systems and our data, yet it seems none of us is safe from being violated, not through any fault of our own, but instead by third parties who are responsible for our data because we are in their databases. This time it's Capital One that had their systems infiltrated, but thankfully the culprit has been caught; however, at this point no one knows if the guilty party shared (or sold on the black market; a common ploy by hackers seeking quick profits) any of the stolen information that was exfiltrated from Capital One's servers, but the issue is being investigated by authorities.

You can learn more about this incident here. The article claims that this is one of the largest financial service breaches in history, apparently dwarfing the recently reported Equifax incident; you can read more about that incident on the Malwarebytes Labs blog here if you aren't familiar with it.

One of the issues I find most frustrating is that in spite of these near constant breaches, large companies continue to seek more and more information about their customers (and anyone who uses their services/sites/software etc.), and while the amount of information these organizations have on people is only increasing exponentially, the number of breaches exposing all of that information is also increasing. I am not claiming that there is any sort of correlation; obviously there is not, however it is disturbing that these organizations are so eager to gather so much personal data and information when it's been proven time and time again each time an incident like this gets reported, that they cannot keep that information secure and out of the hands of malicious third parties such as hackers and criminal organizations. That doesn't even take into account the potential for a malicious actor within such an organization such as a rogue employee who might be secretly stealing data to profit from it on the black market or through credit fraud.

Edited July 31, 2019 by exile360


You know what would probably make a real change is if Owners/CEO/CTO/CFO were actually held criminally negligent and, if found guilty, complicit in not taking the appropriate precautions to prevent or authorizing excess access or gathering of user data, and had to do at least a short period of time in prison. I bet you most of these would come to a halt real soon.

Like here where Facebook was fined $5 billion dollars but made more than that due to the advertising upswing from the news alone. Though a huge amount of money to most people, that is chump change to these huge companies. Time in prison for Owners, CEO/CTO/CFO would surely really slow that train down.


Yep, agreed, but it'll never happen, at least not in the US thanks to lobbyists who fight to represent these companies' financial and legal interests. It's the same reason net neutrality died/was overturned and why the likes of Microsoft, Google, Yahoo, Facebook etc. were all called out over PRISM, yet every single one of them had almost the exact same response, nearly word-for-word (curious, isn't it?) when speaking publicly about the allegations made in the leaked document provided by Edward Snowden. All this data collection is a great tool for governments, marketing folks, and pretty much anyone who has the means to take advantage of such massive data sets; something that is becoming increasingly accessible via modern hardware and AI/Machine Learning, with powerful GPUs to process all that data becoming more powerful and more widely available every year. Unfortunately it will not be long before the bad guys begin taking advantage of AI as well, and when they do, the cyber-security industry is going to have a massive issue on its hands in trying to keep things secure.


Yep, unfortunately there isn't much one can really do about it. Though they say passwords were not obtained, I went ahead and changed my password. I already have 2FA and alerts sent to my phone. Not much else I can do about it on my end. Not going to give them even more data about me to "help me".


My credit's so bad, anyone trying to pull any sort of credit scam/loan scam using my info would likely find that they'd be better off just being honest and using their own, but if any wealthy criminals feel like taking on my debts and paying them for me, they're more than welcome to it.
